أقوم بإعداد أمان 802.1X على شبكة LAN بها مفتاح C2950 يتحكم في الوصول من شبكة WLAN إلى شبكة Ethernet LAN. أخطط لاستخدام PEAP. لقد قرأت هذا المقال من Cisco حول تكوين أمان 802.1X

the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0.

مطلوب خادم RADIUS ، ومع ذلك ، لدي خادم Ubuntu متاح ، وليس Cisco ACS ، ولا أعرف كيفية إعداد خادم RADIUS لهذا السيناريو.

هل هناك طريقة لإعداد 802.1X / PEAP بحيث تعمل مع C2950؟ وكيف يمكنك إعداد خادم RADIUS على خادم Ubuntu؟

answer

خادم Free Radius هو خادم Radius مفتوح المصدر متاح لجميع توزيعات Linux الرئيسية ، بما في ذلك Ubuntu: http://freeradius.org/doc/ ستحتاج إلى تكوين نقطة الوصول اللاسلكية لإرسال طلبات المصادقة إلى خادم Radius.

من مستند Cisco:

Configuring the Switch-to-RADIUS-Server Communication

RADIUS security servers are identified by their host name or IP address, host name and specific UDP port numbers, or IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. If two different host entries on the same RADIUS server are configured for the same service—for example, authentication—the second host entry configured acts as the fail-over backup to the first one. The RADIUS host entries are tried in the order that they were configured.

Beginning in privileged EXEC mode, follow these steps to configure the RADIUS server parameters on the switch. This procedure is required.

   Command     Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

radius-server host {hostname | ip-address} auth-port port-number key string Configure the RADIUS server parameters on the switch. For hostname | ip-address, specify the host name or IP address of the remote RADIUS server.

For auth-port port-number, specify the UDP destination port for authentication requests. The default is 1812.

For key string, specify the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.

Note Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.

If you want to use multiple RADIUS servers, re-enter this command.